Bugtraq mailing list archives

Re: LAMP vs Microsoft


From: Bob Beck <beck () bofh cns ualberta ca>
Date: Tue, 11 Jul 2006 09:16:33 -0600


And I think vulnerabilities disclosed are a much better indicator
of the changes to QA/development of products than any hyperbole
from those responsible (be it management or developers.)

        No, I think vulnerabilities disclosed is simply a measure of how much
development and deployment is happening on the platform. Period.

I fully expect both the Microsoft and Linux based platforms to
continue to be the most popular for web deployments and thus the most
interesting for hackers to target and vulnerabilities to be found.

What would concern me more here is if one platform was on the up
whilst the other was on the down.

        This will always be the case as one platform changes in popularity
for deployments relative to another. 

        The simple fact is most of the MS/PHP/JAVA web development will be
being done by code monkeys, fresh out of school. I'm pretty certain
they will "inbug" the same average number of bugs per line of code
they write no matter what platform it is. Development is often
outsourced to an external coding haus, written to a spec, without
complete info about what the whole final application is going to do.
Frequently they don't even reuse "mature" code from past releases
because you don't want to release it to the external people, or you're
too busy chasing platform-du-jour (Want a great example of this? I'm
betting Sun One, going from version 5 to version 6 is a good one)

        -Bob
 

        

